84 lines
1.8 KiB
YAML
84 lines
1.8 KiB
YAML
id: soa-detect
|
|
|
|
info:
|
|
name: SOA Record Service - Detection
|
|
author: rxerium
|
|
severity: info
|
|
description: |
|
|
Detects which domain provider a domain is using, detected through SOA records
|
|
reference:
|
|
- https://www.cloudflare.com/learning/dns/dns-records/dns-soa-record/
|
|
metadata:
|
|
verified: true
|
|
max-request: 1
|
|
tags: dns,soa
|
|
|
|
dns:
|
|
- name: "{{FQDN}}"
|
|
|
|
type: SOA
|
|
|
|
matchers-condition: or
|
|
matchers:
|
|
- type: word
|
|
name: "cloudflare"
|
|
words:
|
|
- "dns.cloudflare.com"
|
|
|
|
- type: word
|
|
name: "amazon-web-services"
|
|
words:
|
|
- "awsdns"
|
|
|
|
- type: word
|
|
name: "akamai"
|
|
words:
|
|
- "hostmaster.akamai.com"
|
|
|
|
- type: word
|
|
name: "azure"
|
|
words:
|
|
- "azure-dns.com"
|
|
|
|
- type: word
|
|
name: "ns1"
|
|
words:
|
|
- "nsone.net"
|
|
|
|
- type: word
|
|
name: "verizon"
|
|
words:
|
|
- "verizon.com"
|
|
|
|
- type: word
|
|
name: "google-cloud-platform"
|
|
words:
|
|
- "googledomains.com"
|
|
- "google.com"
|
|
|
|
- type: word
|
|
name: "alibaba"
|
|
words:
|
|
- "alibabadns.com"
|
|
|
|
- type: word
|
|
name: "safeway"
|
|
words:
|
|
- "safeway.com"
|
|
|
|
- type: word
|
|
name: "mark-monitor"
|
|
words:
|
|
- "markmonitor.com"
|
|
- "markmonitor.zone"
|
|
|
|
- type: word
|
|
name: "hetznet"
|
|
words:
|
|
- "hetzner.com"
|
|
|
|
- type: word
|
|
name: "edge-cast"
|
|
words:
|
|
- "edgecastdns.net"
|
|
# digest: 4b0a00483046022100f2cd1d2d52b6332f270dbd6c1fdfc0831c05733b5bfdec2df55ec9efafde5319022100b4f3e4adc6b6c8505cef05b98b3c52a3bc7c9a3d280d036f60abc1cfc47b0cc9:922c64590222798bb761d5b6d8e72950 |